Slovenia
Legal Person
13,491 €
GDPR enforcement action by Slovenian Supervisory Authority (Informacijski pooblaščenec) on 2026-03-27.
Rank · Sector
#45
of 218 in Not assigned
Rank · Slovenia
#4
of 17
Rank · All fines
#1,229
of 3,039
Case details
- Authority
- Slovenian Supervisory Authority (Informacijski pooblaščenec)
- Date
- 2026-03-27
- Controller / Processor
- Legal Person
- Sector
- Not assigned
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Slovenian DPA has imposed a fine of EUR 13,491 on a legal person. The controller failed to implement adequate technical and organisational measures to ensure data security by not using a sufficient randomisation method, which allowed unauthorised persons to easily access data subjects' health records by guessing a six-digit number and entering it into a web browser.
Open original source
Links to the regulator's original publication or another source.
Related fines
Slovenia
2025-12-11
75,474 €
ETid-3012
RIEDL PRECISION d.o.o.
Employment
Slovenia
2025-11-21
16,650 €
ETid-3008
Legal Entity
Not assigned
Slovenia
2025-05-14
16,000 €
ETid-3002
Oddaja sob
Accomodation and Hospitality
Slovenia
2025-07-29
11,614 €
ETid-3006
Legal Entity
Not assigned
Slovenia
2025-11-26
6,600 €
ETid-3009
Legal Entity
Employment
Slovenia
2026-04-15
6,600 €
ETid-3111
Utility Company
Industry and Commerce